CVE-2025-41335
📋 TL;DR
An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' confidential information by manipulating POST parameters. This affects all users of the vulnerable application who have sensitive data stored in the system. The vulnerability is exploitable via the '/api/buscarEmpresaById.php' endpoint.
💻 Affected Systems
- CanalDenuncia.app
📦 What is this software?
Canaldenuncia.app by Canaldenuncia
⚠️ Risk & Real-World Impact
Worst Case
Mass data breach exposing all user records including personally identifiable information, financial data, and confidential corporate reports.
Likely Case
Targeted data extraction of specific users' information leading to privacy violations and potential identity theft.
If Mitigated
Unauthorized access attempts are logged and blocked by proper authorization controls with minimal data exposure.
🎯 Exploit Status
Exploitation requires sending crafted POST requests but does not require authentication. The technique is simple and could be automated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check vendor advisory
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp
Restart Required: Yes
Instructions:
1. Contact the CanalDenuncia.app vendor for the patched version.
2. Apply the security update.
3. Restart the application service.
4. Verify that the fix is working.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block or monitor suspicious POST requests to the vulnerable endpoint
WAF specific - configure rule to inspect POST requests to /api/buscarEmpresaById.php for parameter manipulation
Endpoint Restriction
Restrict access to the vulnerable API endpoint
iptables -A INPUT -p tcp --dport 80 -m string --string "/api/buscarEmpresaById.php" --algo bm -j DROP
nginx: location ~* /api/buscarEmpresaById\.php { return 403; }
Note: the iptables string match only inspects cleartext HTTP on port 80 and drops any packet containing that string, so it does not cover TLS traffic; the nginx rule must be placed in the server block that fronts the application.
🧯 If You Can't Patch
- Implement strict authorization checks at the application layer to validate user permissions before processing requests
- Deploy a web application firewall with rules to detect and block parameter manipulation attempts
🔍 How to Verify
Check if Vulnerable:
Send a POST request to /api/buscarEmpresaById.php with manipulated 'id' and 'id_sociedad' parameters. If you can access data belonging to other users, the system is vulnerable.
Check Version:
Check application version through admin interface or contact vendor directly
Verify Fix Applied:
Attempt the same POST request manipulation. The system should return authorization errors or empty results for unauthorized data access attempts.
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /api/buscarEmpresaById.php with varying id parameters
- Unusual access patterns to user data endpoints
- Failed authorization attempts
Network Indicators:
- Unusual traffic spikes to the vulnerable endpoint
- POST requests with manipulated parameter values
SIEM Query:
source="web_logs" AND uri="/api/buscarEmpresaById.php" AND method="POST" | stats count by src_ip, form_data
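The first log indicator above (one source cycling through many id values against the endpoint) as an added detection example, not part of the original advisory: it assumes an access log exported as one JSON object per line with the decoded POST body in a form_data field, and all log records are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample records (assumed format: one JSON object per line from an
# access log extended with the decoded POST body as "form_data"). Not real traffic.
SAMPLE_LOGS = """\
{"ts": "2025-06-01T10:00:01Z", "src_ip": "203.0.113.7", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=41&id_sociedad=12"}
{"ts": "2025-06-01T10:00:02Z", "src_ip": "203.0.113.7", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=42&id_sociedad=12"}
{"ts": "2025-06-01T10:00:03Z", "src_ip": "203.0.113.7", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=43&id_sociedad=12"}
{"ts": "2025-06-01T10:00:04Z", "src_ip": "203.0.113.7", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=44&id_sociedad=13"}
{"ts": "2025-06-01T10:00:05Z", "src_ip": "203.0.113.7", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=45&id_sociedad=13"}
{"ts": "2025-06-01T10:00:06Z", "src_ip": "198.51.100.2", "method": "POST", "uri": "/api/buscarEmpresaById.php", "form_data": "id=41&id_sociedad=12"}
{"ts": "2025-06-01T10:00:07Z", "src_ip": "198.51.100.2", "method": "GET", "uri": "/index.php", "form_data": ""}
"""

VULN_ENDPOINT = "/api/buscarEmpresaById.php"
WATCHED_PARAMS = ("id", "id_sociedad")


def parse_record(line):
    """Decode one JSON log line and split its form body into a parameter dict."""
    rec = json.loads(line)
    rec["params"] = {k: v[0] for k, v in parse_qs(rec.get("form_data", "")).items()}
    return rec


def find_enumeration(lines, max_distinct=3):
    """Group POSTs to the vulnerable endpoint by source IP and report sources that
    cycled through more than max_distinct distinct (id, id_sociedad) pairs.
    Returns {src_ip: (request_count, set_of_pairs)} for the flagged sources only."""
    per_ip = defaultdict(lambda: [0, set()])
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.get("method") != "POST" or rec.get("uri") != VULN_ENDPOINT:
            continue  # only POSTs to the vulnerable endpoint are of interest
        pair = tuple(rec["params"].get(p, "") for p in WATCHED_PARAMS)
        entry = per_ip[rec["src_ip"]]
        entry[0] += 1
        entry[1].add(pair)
    return {ip: (n, pairs) for ip, (n, pairs) in per_ip.items() if len(pairs) > max_distinct}


if __name__ == "__main__":
    for ip, (n, pairs) in find_enumeration(SAMPLE_LOGS.splitlines()).items():
        print(f"ALERT {ip}: {n} POSTs, {len(pairs)} distinct id/id_sociedad pairs")
```

The threshold is applied to the whole batch, as the SIEM query above does; for continuous monitoring, feed it one time window of records at a time.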